class Mongo::Auth::X509::Conversation

Defines behavior around a single X.509 conversation between the client and server.

@since 2.0.0

Constants

LOGIN

The login message.

@since 2.0.0

Attributes

reply[R]

@return [ Protocol::Message ] reply The current reply in the conversation.
user[R]

@return [ User ] user The user for the conversation.

Public Class Methods

new(user)

Create the new conversation.

@example Create the new conversation.

Conversation.new(user)

@param [ Auth::User ] user The user to converse about.

@since 2.0.0

# File lib/mongo/auth/x509/conversation.rb, line 100
# Build a conversation bound to a single user.
#
# Only the user is stored here; no reply exists until one has been
# validated later in the conversation.
#
# @param [ Auth::User ] user The user whose X.509 identity is being authenticated.
def initialize(user)
  @user = user
end

Public Instance Methods

finalize(reply, connection)

Finalize the X.509 conversation. This is meant to be iterated until the provided reply indicates the conversation is finished.

@example Finalize the conversation.

conversation.finalize(reply, connection)

@param [ Protocol::Message ] reply The reply of the previous message.

@param [ Server::Connection ] connection The connection being authenticated.

@return [ Protocol::Query ] The next message to send.

@since 2.0.0

# File lib/mongo/auth/x509/conversation.rb, line 51
# Finish the X.509 conversation by checking the server's reply.
#
# The work is delegated to validate!, which receives the reply and the
# server the connection belongs to. Whatever validate! returns is returned
# unchanged, and any error it raises propagates to the caller.
#
# @param [ Protocol::Message ] reply The server's reply to the login message.
# @param [ Server::Connection ] connection The connection being authenticated.
#
# @return The result of validate! for this reply.
def finalize(reply, connection)
  target_server = connection.server
  validate!(reply, target_server)
end
start(connection)

Start the X.509 conversation. This returns the first message that needs to be sent to the server.

@param [ Server::Connection ] connection The connection being authenticated.

@return [ Protocol::Query ] The first X.509 conversation message.

@since 2.0.0

# File lib/mongo/auth/x509/conversation.rb, line 64
# Build the first (login) message of the X.509 conversation.
#
# The login command is LOGIN plus the X.509 mechanism, with the user name
# added only when the user has one. Two wire formats are produced:
#
# * When the connection reports op_msg_enabled?, a Protocol::Msg is built.
#   On this path the user's auth source must be '$external'; anything else
#   raises Auth::InvalidConfiguration before a message is created.
# * Otherwise (including a nil connection) a Protocol::Query against
#   Auth::EXTERNAL is built. NOTE(review): the auth source is not checked
#   on this path, so a misconfigured auth source is ignored here rather
#   than reported.
#
# @param [ Server::Connection ] connection The connection being authenticated.
#
# @return [ Protocol::Msg, Protocol::Query ] The first X.509 conversation message.
#
# @raise [ Auth::InvalidConfiguration ] If OP_MSG is in use and the user's
#   auth source is not '$external'.
def start(connection)
  command = LOGIN.merge(mechanism: X509::MECHANISM)
  command[:user] = user.name if user.name

  # Legacy wire format: no OP_MSG support, or no connection was supplied.
  unless connection && connection.features.op_msg_enabled?
    return Protocol::Query.new(Auth::EXTERNAL, Database::COMMAND, command, limit: -1)
  end

  # The only valid database for X.509 authentication is $external, so a
  # different auth source is rejected as a configuration error.
  unless user.auth_source == '$external'
    name_fragment = user.name ? " #{user.name}" : ''
    raise Auth::InvalidConfiguration, "User#{name_fragment} specifies auth source '#{user.auth_source}', but the only valid auth source for X.509 is '$external'"
  end

  command[Protocol::Msg::DATABASE_IDENTIFIER] = '$external'

  # Cluster time is attached only for mongos connections that have one.
  known_cluster_time = connection.mongos? && connection.cluster_time
  command[Operation::CLUSTER_TIME] = known_cluster_time if known_cluster_time

  Protocol::Msg.new([], {}, command)
end

Private Instance Methods

validate!(reply, server)
# File lib/mongo/auth/x509/conversation.rb, line 106
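# Check that the server accepted the X.509 login and record the reply.
#
# Authentication succeeds only when the first reply document carries an
# OK value equal to 1. A reply with no documents is treated as a failed
# authentication as well, so that a malformed or empty reply surfaces as
# Unauthorized instead of a NoMethodError on nil.
#
# @param [ Protocol::Message ] reply The reply to the login message.
# @param [ Server ] server The server being authenticated against; it is
#   passed to the Unauthorized error.
#
# @return [ Protocol::Message ] The reply, which is also stored in @reply.
#
# @raise [ Unauthorized ] If the reply has no first document or its OK
#   field is not 1.
def validate!(reply, server)
  first_document = reply.documents[0]
  # Fail closed: anything other than an explicit OK == 1 is a rejection.
  unless first_document && first_document[Operation::Result::OK] == 1
    raise Unauthorized.new(user, used_mechanism: MECHANISM, server: server)
  end
  @reply = reply
end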